Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Security

Security In Voice Over IP Converged Networks 113

dotslash writes: "This article at Internet Telephony Magazine has a very interesting analysis of security issues created by converging data and telephony networks with VoIP: "When the phenomenon of "convergence" between telephony and Internet started, it also brought closer the world of the phreaker and the hacker. VoIP brings all this to the next level. Unfortunately, the security inherent in VoIP solutions is equivalent to that of the early Internet: Non-existent.""
This discussion has been archived. No new comments can be posted.

Security In Voice Over IP Converged Networks

Comments Filter:
  • Don't use it for anything that should be even remotely secure.... or encrypt the data, but I like the first answer better.....
    • Re:Simple Answer (Score:3, Insightful)

      by homer_ca ( 144738 )
      That's pretty much it. Educate the users so they are aware of the level of privacy. Police, fire, taxis and pilots have for years used (and still use) unencrypted analog 2 way radios. Anybody with a scanner could eavesdrop on them, and they lived with that risk.

      I'm not saying it's a good idea to just forget about security, but people should remember there's nothing sacred about privacy electronic communications. If it's really important to keep something secret, don't say it on an insecure line.
    • Using a Nortel Contivity box here with ADSL at both ends for 3 users and it works great with a Nortel M1 ITG (internet trunk gateway) trunk using i2050 software sets. Security is great and QoS cannot be distinguished from a business set in the office.
  • by jdclucidly ( 520630 ) on Thursday August 15, 2002 @05:27PM (#4079441) Homepage
    Anyone equiped with a standard issue electrician's but-set can walk up to a house, pop open the telco terminal and listen/make phone calls on any line in the house. Same goes for corporate lines.

    "Virtually no security" is an improvement over "_no_ security."
  • http://www.counterpane.com/crypto-gram-0107.html
  • by gatekeep ( 122108 ) on Thursday August 15, 2002 @05:28PM (#4079452)
    Granted, security should be implemented at each layer if possible, but wouldn't VoIP inherit the security of the IP network itself? So far, most VoIP installations I've seen/heard about are either within an office, connecting handsets to a PBX with traditional trunks, or between offices of the same company using their internal WAN. Granted you can still have attacks internally, but in neither of these scenarios is it very easy for the general public to snoop or intercept your phone calls.

    That said, I really don't see VoIP on a large scale taking off for a while. Two things need to occur before that happens;

    - Suitably fast data service has to be ubiquitous. Spotty DSL/Cable coverage won't do it.
    - Said data service has to be less expensive than conventional phone service. This one's a no brainer.
    - Wireless data on a large scale would help as well.

    So far, I don't see these criteria being met in all but niche markets, and that's exactly where VoIP has found itself... for now.
    • I've been using Vonage's service for a couple of months now, and except for some minor issues when I'm doing file transfers, the signal is clear, and definitely worth it. I've lowered my phone bill by about $25 a month (I pay about $40 for the service), and will soon be removing a couple of additional things so that they balance out. In addition, a few family members are considering moving to Vonage.

      Now security is a bit of a concern, but since most people who would want to intercept my calls would likely try either the analog line first or else try to intercept the cordless phone signal, I'm not worried too much. If they can get in, they can listen to me get pestered by friends for solutions, or hear about how my nephew across the country is doing well in school. If I had something really pressing, I'd look for another solution, but for now I'm content to wait for the service to provide support through a firmware update, and if they don't and I need it then I'll look for something else.
    • That said, I really don't see VoIP on a large scale taking off for a while.

      Then you are crazy. The amount of money that can be saved by rerouting interoffice calls over the corporate wan is staggering. Because business class SLA's on PRI's for voice are so expensive many businesses are still paying rates close to what consumers were 10 years ago, not the great low rates we are used to today. In the case of our large (180 person) satelite office nearly 80% of our long distance traffic (measured in minutes) was back to one of the companies two major north american campuses or to our manufacturer in taiwan, when we decided to move to VoIP it was determined that the equipment would pay for itself in about 9 months, not a bad ROI at all!
      • Maybe things are different in your business, but at my company (commercial real estate) we make a lot of calls out to clients, potential clients, etc.. While there's quite a bit of internal communications, we can get phone service cheaper through traditional PRI circuits than we can by doing VoIP when you factor in the bandwidth needed for it.

        Sometimes I think that gets overlooked in doing pricing comparisions. Bandwidth isn't free. PRI SLAs aren't cheap, but Frame circuits, PVCs, and CIR aren't cheap either.
        • ah but you get better rates the more bandwidth you buy, not so with voice curcuits. Since eventually even most satelite offices will have some type of optical connection back to headquarters the spare bandwidth will be esentially free.
    • by Anonymous Coward

      That said, I really don't see VoIP on a large scale taking off for a while.
      You are failing to consider large-scale campus and satellite office type situations. Two terrific examples being Enormous State University and Maximegalon Consolidated, Inc.. Each of them is just dying to get VOIP going, just to save on long-distance charges between the disparate campuses where they do business. Flat rates is always preferable to toll-based rates. Especially business rates.

      What amazes me is that most post here that I've read are considering freedom from evesdropping as the only inmportant aspect of security. Far more important in this situation is theft-of-service.

      Some folks have brought up the obvious aspect of this by pointing out that live, unsupervised network jacks are not exactly uncommon on large university campuses, often also in many corporations. Throw unsecured wireless nets in and the networks become very porous indeed. While those ARE potential disabling factors in VOIP security, they aren't the true achilles heel. Those are the issues that are already known from the regular computing-over-IP security regimen. There are well known security regimens to handle tham. Those may or may not exist at any given location, depending on the diligence of the security professionals.

      What few people are considering is something that is built right into VOIP, as an aspect of adapting private-network telephony to the public-network internet: VOIP call signaling is IN-BAND. I'll say it again: Voice-Over-IP signalling is IN-BAND.

      You can encrypt the content of the call all you want, but the information necessary to get the calls through on VOIP has to be accessible to the devices that route the call. Encryption (at current tech) of the signalling will slow down the call enough to impact quality of service.

      If you can eavesdrop on signalling info, you can pretty easily spoof it. Spoof it, and you get a free net-dail-tone. Spammers like open mail relays; hacking/phreaking college students will LOVE open out-bound lines to ANYWHERE.

  • by geesus ( 545118 )
    Why dosnt somebody _make_ it secure? SSL is an open standard, a proven one at that, why not use public\private key encryption for the data, and have the VOip software the part with the encryption?
    • Re:SSL (Score:2, Interesting)

      by streak ( 23336 )
      I think the main concern with using OpenSSL is that it is too slow for real-time data.
      Just think of the amount of packets you have to crypt/decrypt per second.
      If we assume 44khz, 16-bit (depends on the ADC/DAC I guess) data, well that's a lot of packets.
      No one wants to have a 1-2 second delay in their phone conversation.
      • Re:SSL (Score:2, Interesting)

        by apankrat ( 314147 )
        Having worked in the subject area for some time, I can assure you that running VoIP and even video conferencing sessions over IPsec/AES tunnels results in the delay less than 1 ms on the P2-350 machines (serving as gateways on both ends).

        I agree that lag may potentially become a problem as number of VoIP sessions grows, but, hey, that's what you need a hardware crypto gadgets.
        • Also having worked in the field for a while, here's some numbers:

          Regular phone networks encode data at 64 kbps (that's bits per second, not bytes) - 8000 samples/seconds, 8 bits per sample.

          Cell phones use more extreme compression, and can transmit at less than 16 kbps. Ever noticed how they sound worse, though?

          Any stream has a built in delay - you have to buffer up enough sound in a packet before you send it off. So a 1 ms delay means 1000 packets a seconds, which is inefficient for voice. Buffering in voice calls is usually tens of milliseconds.

          Delays of under 100 ms are usually not noticable. Delays of 500 ms will bug the crap out of you.

          And, of course, there is the speed of light limitation, (5 milliseconds for 1000 miles - once you route that through a fiber optic cable, it can be a few times that, depending on the dielectric constant of the fiber.).

          • A 1ms delay for a packet does not equate to 1000 packets per second. It just means that your (eg) 20ms packet (50 packets per second seems reasnable) comes out 21ms after the first sample went in rather than 20ms.

            As an example, look at ppp: your ping time over a 56k modem to your ppp server is going to be around 100ms but it takes about 250ms for a 1500 byte packet to get transfered which is why modem users often see around 200-300ms ping times when playing online games (depending on the size of the packets). Even with that 100ms delay, you will still get about 4 packets per second even though 350*4=1400 (or 325*4=1300 if you're going to split the ping).

            • Potatoes, Patahtos.

              I always measured voice delay from the microphone at the input to the speaker at the output. Your definition is also reasonable.

              But if I'm using one of these things, it's the end to end delay that matters to me.

      • IIRC, there are high-speed compressors (capable of super-realtime compression) available. That takes care of *most* of your data requirements, as voice really does fit nicely into ~16kbps or so. Encryption with symmetric ciphers is usually pretty speedy, whereas asymmetric ciphers, well, aren't - this is why TLS (formerly SSLv3. It's IETF RFC 2246) uses asymmetric ciphers only to generate a session key that's used for symmetric encryption. According to later research, though, all the CBC modes of TLS are prone to an attack where an onlooker can determine if a given bitstring has been transferred, IIRC - I believe this has been corrected in the AES CBC ciphers added later, though I am not sure.

        SSH does TLS negotation or something very similar (it uses OpenSSL, either way) and is *more* than capable of transfering files at 100+KBps even on an old 486 at 66Mhz.

        --Knots;
      • by chill ( 34294 )
        44 KHz, 16-bit! Are you out of your mind!?

        Telephone signals -- the current ones -- are 8 bit, 8 KHz and compressed out the wazoo.

        You aren't playing a concert thru the phone, just talking!
    • Few of them being:

      * it's transport layer protocol, not an IP one. By default it runs on top of TCP, while majority of VOIP protocols do not require TCP's reliability. Needless to say that this is voids no good by any means.

      * it requires reliable carrier for key establishment/renegotiation. Hence dropped and out-of-order packets will effectively break session. This means that you cant just stick SSL between V and IP layers.

      You still can run SSL over unreliable layer (such as UDP or IP itself), but this will require certain protocol 'fixup' effort, which might end up be no less effort than building VoIP security from the scratch.

      The simpliest solution along the lines of your suggestion would be to use IPsec and classical VPNs. Throw in IKE and you get yourself PKI-based system. It'd be somewhat pain in the arse to configure, but as a quick and dirty solution is will suffice.
  • The current laws do not protect security or privacy...

    Well, there is a flaw in the laws regarding IP networks.

    ...nor do they allow law enforcement access for wiretaps

    Again, I'd say this is a flaw in the law.

    The article points out that older analog telephone lines are covered by laws that prevent people from tapping the lines unless it is someone with the authority and authorization to do so. The article makes it look like the laws regarding VoIP are less advanced, and desperately need updated.

    Legal things aside, I would have thought that by now, in this day and age, people would consider security when providing a new service that runs over a computer network. I'm dissapointed in the comapnies who have disregarded security here.

    Is there no easy way to make it all tunnel through SSH?
    • The current laws do not protect security or privacy...

      Well, there is a flaw in the laws regarding IP networks.

      ...nor do they allow law enforcement access for wiretaps

      Again, I'd say this is a flaw in the law.

      The article points out that older analog telephone lines are covered by laws that prevent people from tapping the lines unless it is someone with the authority and authorization to do so. The article makes it look like the laws regarding VoIP are less advanced, and desperately need updated.
      The laws for VoIP are the same. The problem is that the user agents (phones) are prone to initiating direct UA-UA media streams. Such a media stream is not easily tapped and routed to law enforcement officials.
      Legal things aside, I would have thought that by now, in this day and age, people would consider security when providing a new service that runs over a computer network. I'm dissapointed in the comapnies who have disregarded security here.
      VoIP is currently early-stage, however, the standards are definately in place and/or maturing to support full encryption and this aspect of the protocol is certainly being taken seriously. Check out RFC3261 [ietf.org] for a discussion on SIP and the security measures that are being proposed.
      Is there no easy way to make it all tunnel through SSH?
      Not the media. The media streams (presently) are mostly UDP streams. This will change once the end-to-end encryption has been implemented by the proxy and UA manufacturers.

      It's worth pointing out whether it is tasteful or not is one thing, but the fact is that legislation make is the obligation of the service provider to tap and provide access to a subscriber's calls when the appropriate procedures [epic.org] are followed by law enforcement officials.

      The CALEA hurddle, as it is starting to be known in the VoIP world, has solutions [google.ca], some of them good. Typically the place where you are interested in maintaining your internal network VoIP security or gating control is a good place to implement a CALEA solution too.
  • by krich ( 161944 ) on Thursday August 15, 2002 @05:34PM (#4079475)
    ... your old Capt Crunch whistle will send 2600Hz over the IP connection, and will give you root on the other end.

  • As the article briefly mentions, security is a lot easier to implement if the security measures you want are designed along with the system. Of course in this case, our hands are tied, since we want to integrate our Voice and Data networks and IP had no intrensic security to go with it.

    But encryption is definitely feasible. They already use encryption on satellite phones and whatnot, so what is preventing them from adapting that technology to VoIP?
    The VPN idea that was mentioned was quite interesting. That would indeed work if the software can keep up with real time.

    But really VoIP has the same concerns as normal phones and wireless phones. You can intercept calls in both of the other systems (gaining access to phone lines, intercepting cell transmissions, or stealing phone IDs).

    So I don't think that security concerns should stand in the way of using VoIP. I wouldn't use it for your most secure of conversations, but soon enough the technology will get better, since now people realize there is a need for this kind of thing.
  • Ok I am pretty young, 20, I read a bunch of stuff on the net and bbs about phone phreaking in the early 90's, recording certian frequency sounds and playing them over the phone to gain access to any telephone resource you want. Blue boxes brownb boxes, rainbow boxes whatever. Does any of this still work or have all these systems been replaced upgraded etc etc.
    • Red Boxing used to be popular...
      Whenever you dropped coins into a pay phone the phone would emit 5 certain frequency tones. People figured out the frequency and amplitude of these tones and played them into the handset, and voila! free phone calls.

      They have since upgraded pay phones so that these tones aren't used anymore.
    • Most of that stuff won't work anymore.. the tones when you drop a quarter in a phone don't really mean anything anymore, they're just feedback so you know the quarter was registered and such. Course, I suppose if you could find a way old payphone somewhere...

      There's still things that will work though. Not much stopping someone from climbing a pole with a butt phone and tapping another line, etc..
      • Not much stopping someone from climbing a pole with a butt phone and tapping another line, etc..

        Just be sure you take the time to note the difference between a phone cable and a power cable. That's one thing you don't want to learn the hard way.

  • by noahbagels ( 177540 ) on Thursday August 15, 2002 @05:40PM (#4079496)
    Sorry for swearing - but everyone reading /. is adult enough to get a dose of reality.

    If you're actually reading this thread - you're wasting your time.

    do you really care if someone can easily tap your phone conversations?.

    More importantly:

    is the value of your conversation worth the energy required for someone to crack your phone call?

    In a security course (both in college, and later in a Cisco class) we heard that the risk is equal to the value divided by the effort required to get at that value.
    Now: I don't believe this quote exactly, but it's point is clear.

    Nobody I know would spend the effort required to tap my personal line just to hear something I might not tell them directly.
    Further: Companies with secrets can use:

    I. Standard Non-Secure Phone Lines

    II. Secure VoIP solutions

    III.Standard VoIP solutions over a VPN
    ... need I go on?
    • DOSing a corporate phone system is much more dangerous than peeping in on a call here or there. If someone can crack in, and then bring down the voice system, you've got problems. This is why securing a VoIP network is criticaly important.
    • Is it really unexpected that Cisco would play down security issues on their training course.

      "No don't worry yourselves on security just BUY MORE"

      Then agian dont worry that standards are still emerging and this stuff will be out of date within two years.

      Don't worry that interoperability with many PABX is only partial.

      Don't worry that you may loose many of the smart features of your current PABX.

      Dont Worry, BUY MORE
    • On my telephone, no one. But on the phone line of my National VP, it could be much more painful. Say he's trying to close a multi-year deal with a major account (say AT&T). How much would that conversation be worth to a competitor for the same bid? The transcript alone could probably be worth $100,000 to $1,000,000 USD. The rule of survival is simple, when the mistake costs more than your annual salary, you better care!
    • In a security course (both in college, and later in a Cisco class) we heard that the risk is equal to the value divided by the effort required to get at that value.

      Maybe you should find better instructors. If the value of the cracking a system exceeds its costs then there are a different set of people that will be tring to crack the system. Most web site cracks have no value (money wise) to the cracker.
  • bring bring (Score:3, Funny)

    by joe_bruin ( 266648 ) on Thursday August 15, 2002 @05:42PM (#4079504) Homepage Journal
    HELO?
    what? is this ~l33t_hax0r? i'm sorry, there's no such user.
    no, no, this is 129.168.0.1, you must have meant to connect to 192.168.0.1.
    j00're welcome.

    *click*

    goddamnit, i gotta install a firewall.
  • SIP and security. (Score:4, Informative)

    by muonzoo ( 106581 ) on Thursday August 15, 2002 @05:45PM (#4079519)
    Many of the current VoIP deployments today are not using the security features that you might expect to see. In large, this is because the standard itself is maturing and the manner in which security will be implemented is still under investigation. In the case of SIP [ietf.org], the article points out that although the payload (voice) might be encrypted, the signalling isn't. This is not entirely true. One thing that SIP permits is to tunnel SIP as a payload within SIP. The external session serves only as a routing mechanism for the fully encrypted 'real' signaling session contained within. These mechanisms are just completing peer review and implementors are just wrapping their heads around it all. One thing is for sure; unlike protocols that have preceeded them, SIP and it's designers are taking security very seriously. How else could they consider using SIP as an integral part of 3GPP and/or it's use for inter-carrier peering.

    Sure, the protocol itself may have exposure issues, and problems with NAT/PAT devices, but there are companies on the market that are addressing these issues as they arise.

    • by Anonymous Coward
      I disagree. The SIP protocol, last I read, has the following problems :

      1) No key exchange
      2) What is the trust infrastructure ? Here we
      are on Amazon,demanding server authenticity for
      our 10 dollar book. Yet the SIP call agents
      don't have a trust infrastructure definition
      and they are supposed to route thousands of
      phone calls.
      3) Partial payload encryption. SIP has fields
      which are hop mutable(changeable). "shudder"
      Stating "we use SSL or IPSec" ain't gonna
      cut it.
      4) SIP is the signalling, xGCP is the control
      and RTP is the data. MGCP is a text protocol
      and their is no standard for encryption this
      bad boy protocol AFAIK.

      What the SIP working group really needs is new WG chairs who will stop letting every 2 bit company get a RFC so that their little POS will work. And then they need to define how the heck
      all the protocols work together. SIP is the signalling ? How does it exchange RTP keys ? Ask a SIP WG member that question... duh.

      I think we should disband the IETF WG since it is fundamentally flawed. It has defined a protocol(and perversed beyond reason), and didn't bother to think how it's gonna work with others securely. No trust models, nothing...at least CableLabs specifications define a security model.

      coward76 AT yahoo DOT com
    • Re:SIP and security. (Score:2, Interesting)

      by leonia ( 246522 )
      Also, the article author's are clearly behind on their reading. Plain text passwords (known in HTTP as 'basic' authentication) are explicitly disallowed in RFC 3261, the current SIP spec.

      Also, most SIP proxy servers support TLS for secure connections at least between proxies.

      The security problems are real, but it doesn't help anybody (except consultants, maybe) to spread myths.
  • If security of VOIP is no WORSE than that of a normal phone line, then at least you only have to worry about physically securing a single infrastructure as opposed to the multiple parallel ones you had to manage previously.

    Also, in some environments VOIP on top of IPsec may be reasonable. The article is NOT entirely on target (IMHO it's a cheap hit piece). Consider the Cisco IP Phone in a work station. Since a person plugs his or her PC into the phone for network connectivity, you merely need to have some way to trust that the phone is authorized to use QoS, and you can thus encrypt voice traffic AND have the phone do classification.

    And that trust can be gotten on the small with simple approaches such as MAC address lockdowns on your switches.
    • I've got a 3com nbx phone system at work. I also have cisco switches and routers. I can take a phone call and copy the data anywhere I want to send it all transparently anywhere I want. I know this because I do it all the time in an attempt to figure out their unpublised protocol.

      MAC address lock down can be broken on many switches. The common trick is overfill the MAC tables with fake addresses until it dumps the locked down one.
    • And that trust can be gotten on the small with simple approaches such as MAC address lockdowns on your switches.

      Most ethernet chipsets will accept new MAC addresses from the ISA/PCI bus. MAC addresses and IP addresses are both trivial to fake. A single box dropped between the switch for the R&D dept and the next highest-up switch will net you all of the phone calls to and from R&D. Cryptographic methods are the only robust ways to get confidentiality and/or authentication. Public key systems (like SSL) are usually easier to set up than symetric key systems (like Kerberos).

      I agree with many people that it's retarded to come up with a new protocol and say "run this on top of a secure layer if you want". The truth is that 99% of the population won't. It's like saying "yeah, there is this exploding gas tank problem, so weld a tank full of fire fighting foam to the back of your Pinto if you want." It's trivial to say in the standard "this must be run on top of SSL/TLS". In this case, SSL setup times are most likely faster than POTS circuit setup times, so the user going from an analog phone to an SSL/TLS IP phone won't notice any dfference.

  • by IAR80 ( 598046 )
    I would not rather be concerned with privacy violations, since if the big brother is after you probably he will get what he wants, but with what can really happened if someone succedes a distributed denial of service and shuts down hundred of thousends of users deppending on emergency services. There was a few years ago a big roar regarding cisco equipments in Australia when they had a downtime and an emergency call could not pass through. Also as an integration engineer I happended to test some "carrier grade" VoIP equipment from a company I cannot mention which besides it was really crapy was also very sensitive to different DoS attacts and I managed to bring it down several time. Probably you are going to say that the firewalls in the network should prevent me for doing it. The answer is that they didn't even bother and it was due to go live in 3 days.
  • is any inherient lag involved in encrypting and decrypting the data, cost of realtime hardware encryption, etc. I say this after reading many hundreds of pages of Cisco QoS docs (not that i _understood_ even a page :P ) and being amazed at the sheer quantity of VoIP configuration they suggest, all in the name of reducing latency enough to get decent service. Encryption is only going to increase this unless you go hardware styles, in which case it noticably increases the cost of the product, especially if you require a non-specific chip (hell i don't even know how to implement something like twofish on a phone, but i'm guessing that a risc chip with some flash could do the job). On the other hand you could always find some surplus clipper parts :)
    • Given that a modern telephone has a computer and a dsp (even if it is just ISDN), putting encryption in just isn't really a problem. Some people may remember the PGPfone project (also known as Nautilus which could use a standard PC plus a soundcard (CPU plus DSP).

      Remember GSM handsets do encryption/decryption in real-time (not very strong, but it could be better without overloading the CPU).

  • Oxymoron? (Score:2, Funny)

    by vladkrupin ( 44145 )
    Not like it's all that important, but reading "Unfortunately, the security inherent in VoIP solutions is equivalent to that of the early Internet: Non-existent." made me ponder: How can you be equivalent to something that's non-existent? Isn't it kinda akin to dividing by zero?
  • So I'm listening to WFMU [wfmu.org] while Station Manager Ken has another of his little tirades about the RIAA and how they're screwing the world over (and they are, unless owing the RIAA $500 a year for webcasting a station with no music on it [copyright.gov] makes sense to you), and it hits me: what about VoIP? I can't decipher the legalese on the page [copyright.gov], but it doesn't strike me as particularly far-fetched that after quashing webcasters, Rosen et al will sic the attack lawyers on businesses who have the audacity to play hold music on their VoIP phone systems.
    If not, hello loophole!
    • businesses who have the audacity to play hold music

      Just like a normal radio station, businesses do have to license the music from or otherwise come to an agreement with the copyright holder. That's why all hold music is utter crap. No businesses are willing to pay for big-name artists.
    • Music on hold (VoIP or not) is subject to license and RIAA attention. If you plug a CD player into the MOH port of your PBX and play copyrighted music you owe someone money. ASCAP and BMI will act as clearing houses for this but they want big bucks. Muzak will sell a licensed stream of music.
  • by xt ( 225814 ) on Thursday August 15, 2002 @06:08PM (#4079620)
    Only a couple of months ago, we finished a roll-out for IP phones. The client was a bank and security was the top consideration. In essence, whatever worked to secure data, worked to secure VoIP. The problem in general is not with the technology; it is with the "old school" PBX designers and engineers.

    I have met quite a few people, extremely skilled with PBXs, who view data networks as a black box and have almost no knowledge or methodology to work with products that use them, much less secure them.

    When these people grasp the realities of the new, converged, technology, we can expect to see quite a few changes both on VoIP systems' built-in security and fail-safe operation.
  • All your voice are belong to us.
  • by fazil ( 62946 )

    At work, we run all our voip traffic over an IPSec VPN. We use Nortel Internet Telephony Gateways for Line Sets, and i2004 phones at the remote offices.

    Scary thing is.. when the phone guys were planning it.. they just wanted to expose the ITG Card to the internet to make the phones work!!! Good thing The Data Guy (me) stepped in and demanded all traffic run over VPN's to prevent getting hacked.

    When I explained it to them, they had a lightbulb moment. So, companies, beware of the telecom folks you have install your networks.. a lot of the sector isn't ready for convergence. And only a handful of us have a data *AND* voice team.

  • by Anonymous Coward on Thursday August 15, 2002 @06:25PM (#4079702)

    My university just recently overhauled the on-campus phone system. They replaced the old (working) system with IP phones. They did the whole job in a matter of months, despite very vocal opposition by the CS department faculty. These Cisco IP phones cost $700 a pop.

    They hooked the central hub of the phone system up to generators in the event of a power failure. Unfortunately, all our phones depend on switches and routers scattered throughout campus, and the phones themselves have DC power adapters. In the event of a power outage, the central hub will stays on-line, but all the phones throughout campus go out!

    When asked what students and faculty should do in the event of an emergency during a power outage, our IT services department responded, "Try to find someone with a cell phone!"

    Worse yet, switches have a mean time to failure of 100,000 hours. With 2,000 switches throughout campus, sections of the phone system go out once every 50 hours. The current average time for IT services to replace a down switch is 2 weeks.

    These phone have web servers, and a few other goodies. I'm just waiting until an IP phone worm takes out our entire campus's network and telecommunications infrastructure.

    • by Anonymous Coward
      The 79XX series IP phones, while capable of being deployed with external power adapters, are really intended to be used with inline power delivered from the switch itself. Many newer switches support inline power, and not just those from Cisco. In this manner you can have UPS backing of all the IP phones by backing up the switch.

      Cisco does also recommend that the IP phones be placed in a seperate VLAN, both for easy administration and QoS treatment and security reasons. This is very easy to accomplish; you can even keep a workstation attached to the phone in the workstation VLAN - the phone will tag its own frames as belonging to the phone VLAN with 802.1q. One can place ACLs/firewalls at centralized layer 3 boundaries between the networks and place intrusion detection devices inside.

      Jason Young, CCIE #8607, MCSE
      jyoung@wantec.com
      http://www.wantec.com
    • Thats what UPS's are for.

      I work for a VoIP company, doing it with a pure Cisco solution and T1 data lines. The traffic is split at the end router on the customer's site (which has a UPS for itself and the T1 equipment). Their lan plugs into one jack, their phone system (POTS or digital PBX) block into another. The voice traffic goes over the same T1 and DS3's as the data, but on a different "private" network using IPs in the "unroutable" range, until it gets the the voice switch, where it is merged with the national POTS network. The data goes through the same channels, but on publicly accessable IP ranges. All the routers have standard Cisco access security, limiting access via another private network to only machines authed to do so. Also with traffic split in that way, DOS attacks only clog the data line, as the bandwidth for the voice portion is partially reserved.

      As for down-time, the most common cause is the data line itself going down. And being provided by the same company as standard phone service (baby bells), gives the same down-time, or better.
      Also worthy of mention is that standard POTS lines are not the same old analog lines back to the telco as most people believe. They too get digitized along the way and are sent out on T1/DS1 T3/DS3 lines(DS3=28*DS1's, DS1=24*DS0 lines = 672POTS lines/DS3 using TDM/PCM).

      Tm

      • A UPS will give you a few minutes. We have a UPS that we built to run our gear over the summer rolling blackouts. Its got 16 12V deep cycle batteries and it will run most of our computer gear for 4 hours and the critical systems for 8 if some things get shut down. Do you have room for several car batteries every where you've got a switch? VoIP systems tend to have very messy power requirements.

        Ever look at how much power these phones take? Cisco uses 48V (which means you need an over priced regulator circut to drop it to 3.3v inside the phone) and 3Com use 24V which means they can use a lower cost regulator but the current is higer. You end up with serveral watts of lost in each wire. Real phones don't seem to have either of these problems.
  • My experience is that most VOIP installations are inside a company's already secured IP infrastructure. If they go branch to branch they will usually use private frame relay or ATM PVCs. If they go over the Internet it will be over IPSEC or MPLS VPNs. So what is the big deal here? If you use Cisco's VOIP solution, the phones can even reside on something called an auxillary VLAN that is completely seperate from the VLANs used by the computers. Of course you need to use all Cisco gear (phones, switches etc.)

    And this thing about DOS attacks is BS. What corporation in their right minds would carry they VOIP traffic directly over the Internet... C'mon!
  • Even better, I hear that some of the Cisco WAPs support VOIP. Now there's a recipe for disaster.

  • Just can't get past this line:

    "Beyond the monetary risks, there is also a very serious privacy threat as we have become accustomed to government regulation that at least protects our privacy from everyone outside government."

    Protects our privacy?? Oh, you mean like when I use e-mail, IMs or even those less expensive wireless phones?

    I guess that head in sand == privacy.
  • by cfulmer ( 3166 ) on Thursday August 15, 2002 @10:17PM (#4080674) Journal
    Finally, something I know about! This is what I do for a living.

    The fact of the matter is that most of the large emerging packet telephony networks are not being deployed in enterprises, but in the carrier networks -- telephone companies around the world are replacing their old circuit-switched back-haul networks for packet-switched networks, either ATM or IP. These are private networks which are not open to the general public, and so do not have the same risks as, say running VoIP on the internet would. Sure, the telcos still need to watch out for attackers... it's just that you've raised the bar far enough that 'script kiddies' would have a tough time.

    The article also has an over-simplified view of the effort needed to tap an IP phone call. Even if the user were able to mirror any port on the network onto his computer, he still has the extremely hard task of figuring out which port(s) he needs to monitor -- they typically change on a per-call basis, and the user would actually have to mirror two ports (one for each direction of speech) in order to get the entire call. Now, it can be done, but it's difficult. And, it's made even harder because the signalling path (the communication link that handles setting up calls) is usually encrypted, so it becomes impossible to distinguish among calls.

  • The authentication systems that have been added on to SIP and H.323 in order to restrict access are not very well designed and mostly send the authentication details in the clear (not encrypted) so that someone with access to the network can compromise them quite easily.

    Bogus.
    The guy hasn't heard of SIP over TLS or S-MIME payloads in SIP signaling.
  • Think for a moment about service providers supplying the VoIP services. They will provide both the call routing (call setup) system, and the gateway service (so you can call grandma's 'old' phone, from your IP phone.) The more customers that your provider signs up the more chance they have of _not_ having to route calls off-net. This is where the larger providers will get that "economy of scale". I can't help but smirk when I say that :) Now think about this. Since the provider has two different customers, and can route calls only over IP, that implies there is some level of IP connectivity between two people or companies. Now I don't know how you hack a network with those Cisco phones, but I do know how you hack a network with a computer running a software phone--and some other tools :) I think a single company that gets their own call manager (call setup) system, and their own gateway service, could implement a secure network--as secure as private line, anyway. I also think as the providers try to scale it up to multiple customers they increase the security problem.
  • some considerations (Score:2, Informative)

    by jsailor ( 255868 )

    1. almost all VoIP installations are run on switched networks and phone calls are inherently unicast so only source, destination, and possibly a router can see the traffic. Yes, conference calls can be multicast - but most aren't and switches prune non-multicast group member from the broadcast domain anyway

    2. Almost all VoIP installations place voice traffic on a separate VLAN. This VLAN is ususally well protected through routers and the like. Also it's easy to enhance security for the VLAN with basic switch/LAN security techniques (tying MAC addresses to specific ports, traffic filters, even 802.1x)

    3. Securing the call setup servers, gateways and other devices is relatively easy - any decent VoIP installation would protect these and distribute them so there's no single point of failure.

    4. VoIP can be run of VPN's the main issue is the added latency of the encryption/decryption process.

    5. VoIP over the wide area is no less secure than standard long distance.

  • Why would anybody bother to break into a corporate VoIP network to ... make free phone calls over the Internet to their friends? Which they could do directly, for free, now.
    • Those corporate phones will need to be connected to the land based system so the staff can call people that do not have IP phones. Once you are on the corporate IP network, you will have access to their voice gateway. You won't be limited to just their IP based phones.
  • VOMIT! ew .... (Score:2, Interesting)

    security in VoIP? don't make me laugh. check out VOMIT (feel lucky at google).

    and don't believe the hype about the supposed safety of switched nets -- VoIP phones are so very compliant, they just love redirects.

    nobody
  • I would just do the standard 3 passwords on the line vty and line con on my routers. If they cant get access then you have no worries. But since they are going to get in anyways, I would just say screw it and say no thank to security.

"It takes all sorts of in & out-door schooling to get adapted to my kind of fooling" - R. Frost

Working...